Install and Configure Salt Master on Ubuntu

This tutorial is about the steps to take to install Salt Master on Ubuntu performed by Server Administrators.

This task can be done either using Ubuntu SaltStack PPA or using Salt-Bootstrap.

Here at Ibmi Media, as part of our Server Management Services, we regularly help our Customers to perform Software Installation tasks.

In this context, you shall learn the processes to install Salt Master on Ubuntu.

How to install and configure Salt Master on Ubuntu?

Installing and configuring Salt Master on Ubuntu involves a series of steps as listed below:

i. Install the Master Daemon

ii. Initial Master Configuration

iii. Install a Separate Minion

iv. Configure the Minion

Now, we will look into these processes briefly below.


The Process to Install the Salt Master Daemon on Ubuntu?

The Salt master daemon can be installed in Ubuntu either using Ubuntu SaltStack PPA or using Salt-Bootstrap.

Installation using Ubuntu SaltStack PPA is the easiest method as it uses the Ubuntu native package management tools to install and update the required software. However, the packages can be significantly out-of-date.

Installation using Salt-Bootstrap attempts to use the native software tools available. However, it also provides easy access to the development versions of Salt.

How to Install the Stable Version of Salt Master on Ubuntu from the Official PPA?

First, we will need to add the SaltStack PPA to the server that we plan to use as the master:

saltmaster$ sudo add-apt-repository ppa:saltstack/salt

Like in all major software installations, we will need to update the local packages initially. Afterward, we can install the relevant software:

saltmaster$ sudo apt-get update
saltmaster$ sudo apt-get install salt-master salt-minion salt-ssh salt-cloud salt-doc

In the above command, we installed both the Salt master and minion daemons. This will allow us to control our master server with Salt as well.

We also installed salt-ssh and salt-cloud, which give us more flexibility in how we connect to and control resources.

How to Install the stable version of Salt Master on Ubuntu using Salt-Bootstrap?

An alternative method to install the stable version is using the salt-bootstrap script. This is available for download from the SaltStack website. This gives us more up-to-date versions of some of the Salt dependencies.

To get started, move to the home directory or somewhere else where we have the write permissions.

We can use curl to download the bootstrap script.

saltmaster$ cd ~
saltmaster$ curl -L -o

It is a good idea to check the content of the script and confirm the actions that it will perform before actually running it.

Now, run the script. We will use the -P flag so that the script can use pip as a dependency source. Further, we also need to include the -M flag for the Salt master daemon to install.

saltmaster$ sudo sh -P -M

How to Initial Salt Master Configuration?

Next, you need to configure the Salt master.

1. Create the Salt Directory Structures

First, we will create the configuration management directory structure where the Salt master will look for various files.

These are all under the /srv directory by default. We need /srv/salt and /srv/pillar to get started. Create them now by typing:

saltmaster$ sudo mkdir -p /srv/{salt,pillar}

ii. Modify the Salt Master Configuration

Next, we will adjust the Salt master configuration file. Open the file with an available text editor

The first thing we will do is set the file_roots dictionary. This basically specifies the locations where the Salt master will look for configuration management instructions.

The base specifies the default environment. Two of the directories we created earlier will be used for this purpose.

The /srv/salt will be used for administrator-created instructions, and the /srv/formulas will be set aside for pre-packaged configurations downloaded from external sources:

- /srv/salt
- /srv/formulas

Salt uses YAML-style configuration files. These require strict attention to spacing and indentation for the daemon to correctly interpret the values.

Next, we will set up the root directory for our Salt pillar configuration.

- /srv/pillar

Save and close the file once the changes are done.

iii. Modify the Salt Minion Configuration

To modify the configuration, open the Salt minion configuration “/etc/salt/minion” with an available text editor.

The only change we need to make is to specify the master that this minion should connect to.

In this case, the minion should connect to the master process running on the same machine. Set the master key equal to the local loopback address in order for the minion to correctly connect:


Save and close the file once finished.

iv. Restart the Processes

Now, we need to restart both the Salt master and minion daemons in order to use our new configurations:

$ sudo restart salt-master
$ sudo restart salt-minion

v. Accept the Minion Key

Following the reboot, the Salt minion daemon automatically contacts the Salt master with its credentials. As an administrator, we simply need to verify and accept the minion’s key to allow communication.

Start by listing all of the keys that the Salt master has knowledge of:

saltmaster$ sudo salt-key --list all

The saltmaster below should match the Salt minion ID of the system. This is typically the hostname of the server:

Accepted Keys:
Denied Keys:
Unaccepted Keys:
Rejected Keys:

As you can see, our Salt minion has sent its key to the master, but it has not been accepted yet. For security purposes, before accepting the key, we will run two commands.

We need to make sure the output of this (which tells us the fingerprint of the key the Salt minion generated):

saltmaster$ sudo salt-call key.finger --local

Matches the fingerprint found here (the fingerprint of the key that the Salt master is being asked to accept). Substitute the minion ID here:

saltmaster$ sudo salt-key -f saltmaster
Unaccepted Keys:
saltmaster: 24:c8:77:1d:ed:10:d7:b0:3e:bc:bc:ed:41:e1:5a:d1

Once we verify that those values are the same, we can accept the key by typing:

saltmaster$ sudo salt-key -a saltmaster

After accepting the key, we can see that the key has been moved to the “Accepted Keys” section:

saltmaster$ sudo salt-key --list all
Accepted Keys:
Denied Keys:
Unaccepted Keys:
Rejected Keys:

Now, we can test that the Salt master and minion processes are communicating correctly by typing:

saltmaster$ sudo salt '*'

We should receive a message back indicating that the health check was successful:


vi. Install a Separate Minion

Now that we have our Salt master server up and running smoothly, we can demonstrate how to bring a new server under Salt’s control as a minion.

Again, we have multiple ways of installing the necessary software, but we should match the method used for the master server.

This will ensure that we do not have a version mismatch between Salt master and minion.

Salt minions that are more up-to-date than their master server may exhibit unpredictable behavior.

When you are ready, log into the second server with the sudo user.

Install the Stable Master from the Official PPA

For the Salt master server installed from the SaltStack PPA, we can add the same PPA on the Ubuntu minion server:

saltminion$ sudo add-apt-repository ppa:saltstack/salt

This time, we only need to install the salt-minion executable. Update the local package index after adding the PPA and install the software by typing:

saltminion$ sudo apt-get update
saltminion$ sudo apt-get install salt-minion

vii. Install the Stable Version Using Salt-Bootstrap

For the stable version installed using salt-bootstrap, we can download the same script to the minion machine:

saltminion$ cd ~
saltminion$ curl -L -o

We will call the script in almost the same way that we did on the Salt master. The only difference is that we leave out the -M flag since we do not need to install the master tools and daemons:

saltminion$ sudo sh -P

How to Configure the Minion?

Now that we have the minion installed, we can go ahead and configure it to communicate with the Salt master.

a. Get the Salt Master Public Key Fingerprint

Before we begin, we should grab the Salt master’s key fingerprint. We can add this to our minion configuration for increased security.

On the Salt master server, type:

saltmaster$ sudo salt-key -F master

The output should look something like this:

Local Keys:
master.pem: 12:db:25:3d:7f:00:a3:ed:20:55:94:ca:18:f8:67:97 7b:97:23:4b:a4:6d:16:31:2d:c9:e3:81:e2:d5:32:92
Accepted Keys:
saltmaster: 24:c8:77:1d:ed:10:d7:b0:3e:bc:bc:ed:41:e1:5a:d1

The value of the key, located under the “Local Keys” section is the fingerprint we are looking for. Copy this value to use in our Minion configuration.

How to Modify the Minion Configuration?

Back on the new Salt minion, open the minion configuration “/etc/salt/minionfile” with an available text editor.

We need to specify the location where the Salt master can be found. This can either be a resolvable DNS domain name or an IP address:

master: ip_of_salt_master

Next, set the master_finger option to the fingerprint value we copied from the Salt master a moment ago:

master_finger: '7b:97:23:4b:a4:6d:16:31:2d:c9:e3:81:e2:d5:32:92'

Save and close the file once finished.

Now, restart the Salt minion daemon to implement the new configuration changes:

saltminion$ sudo restart salt-minion

The new minion should contact the Salt master service at the provided address. It will then send its key for the master to accept.

In order to securely verify the key, need to check the key fingerprint on the new minion server.

To do this, type:

saltminion$ sudo salt-call key.finger --local

We should see output that looks like this:


We will need to verify that the key fingerprint that the master server received matches this value.

How to Accept the Minion Key on the Salt Master?

Back on the Salt master server, we need to accept the key. First, verify that we have an unaccepted key waiting on the master:

saltmaster$ sudo salt-key --list all

We should see a new key in the “Unaccepted Keys” section that is associated with the new minion:

Check the fingerprint of the new key. Modify the highlighted portion below with the minion ID that we see in the “Unaccepted Keys” section:

saltmaster$ sudo salt-key -f saltminion

The output should look something like this:

Unaccepted Keys:
saltminion: 32:2a:7c:9a:f2:0c:d1:db:84:df:d3:82:00:d5:8f:be

If this matches the value we received from the minion when issuing the salt-call command, we can safely accept the key by typing:

saltmaster$ sudo salt-key -a saltminion

The key should now be added to the “Accepted Keys” section:

saltmaster$ sudo salt-key --list all

Accepted Keys:

Denied Keys:
Unaccepted Keys:
Rejected Keys:

Test that we can send commands to the new minion by typing:

saltmaster$ sudo salt '*'

We should receive back answers from both of the minion daemons we have configured:


[Need urgent assistance to install Salt Manager on Ubuntu? – We are available 24*7]


This article will give you a comprehensive guide on the steps to perform installation and configuration of Salt Master and Minion servers on Ubuntu which involves a series of steps that include installing the master daemon, initial master configuration, installing a separate minion, and configuring the Minion.

For Linux Tutorials

We create Linux HowTos and Tutorials for Sys Admins. Visit us on

Also for Tech related tips, Visit or General Technical tips on